Improved look-ahead re-synchronization window for HMAC-based one-time password

Alireza Beikverdi, I. Tan
DOI: 10.1049/cp.2012.2111 (https://doi.org/10.1049/cp.2012.2111)
Published in: IET International Conference on Wireless Communications and Applications
Citations: 2

Abstract

With the abundance of mobile wireless devices ranging from notebooks to smart phones, it has become convenient for the One-Time Password (OTP) mechanism to be used for authentication. OTPs are generated for single use only, are generally generated on demand, and have a limited usable shelf life. Upon use, the password is invalidated on both the client and the server side of the authentication system. A popular and standardized OTP system is the Hashed Message Authentication Code (HMAC) Based OTP (HOTP). In the HOTP system, the OTP is generated on the client side by first generating an encryption key that is derived from a shared secret key and an incrementing counter value. The final value generated is then truncated to the number of digits required by the OTP. On the server side, the same computation is performed and the OTPs generated are compared for authentication. Signal interruptions in wireless environments may make it necessary to regenerate a new OTP on the client side, which causes the dynamic counter value to become desynchronized from the server. In the event that a mismatch occurs during the authentication process, the server increments the counter value up to s times within a look-ahead window. This resynchronization parameter, s, determines the tolerance level for desynchronization. However, larger s values (better tolerance) come with a trade-off of higher computational cost and can be a source of malicious attacks. This paper introduces an improved method to the HOTP standard in order to increase the computational efficiency for a larger s window. The introduced method doubles the s window size with negligible computational overhead. Furthermore, the method described in this paper can be easily implemented in the current standard implementation of HOTP. (5 pages)
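The standard HOTP mechanism the abstract describes, as an added example that is not code from the paper: RFC 4226 code generation plus a server-side look-ahead window of s counters, with a counter of HMAC evaluations to make the cost of a larger s visible. The `HotpServer` class, the choice of window layout (expected counter C through C+s-1) and the drift scenario are assumptions; the paper's doubled-window improvement is not implemented here.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


class HotpServer:
    """Server-side validator with a look-ahead window of s counters.
    Window layout (assumption): the expected counter C and the s-1 values after it."""

    def __init__(self, secret: bytes, s: int, counter: int = 0):
        self.secret = secret
        self.s = s
        self.counter = counter      # next counter value the server expects
        self.evaluations = 0        # HMACs computed so far (cost of the window)

    def verify(self, otp: str) -> bool:
        for i in range(self.s):
            self.evaluations += 1
            if hmac.compare_digest(hotp(self.secret, self.counter + i), otp):
                # Resynchronise: move past the counter just consumed so the
                # same OTP (or any earlier one) can never be replayed.
                self.counter += i + 1
                return True
        return False        # client is more than s-1 steps ahead, or wrong OTP


def demo() -> dict:
    # Constructed input: the RFC 4226 test-vector secret, window s = 3.
    secret = b"12345678901234567890"
    server = HotpServer(secret, s=3)
    client_counter = 2            # client drifted 2 steps ahead after dropped attempts
    accepted = server.verify(hotp(secret, client_counter))
    replayed = server.verify(hotp(secret, client_counter))   # same OTP again
    too_far = server.verify(hotp(secret, 7))                 # gap of 4 exceeds window
    return {"accepted": accepted, "replayed": replayed, "too_far": too_far,
            "server_counter": server.counter, "hmac_evaluations": server.evaluations}


if __name__ == "__main__":
    print(demo())
```

Each failed attempt costs the server s HMAC evaluations, which is the computational and brute-force trade-off the abstract refers to.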